CheckMates
Drop Templates on SMB
So, why are SecureXL drop templates not available on SMB? Tech explanation preferred. Thank you.
I suspect it's due to the more limited resources (RAM in particular) on the SMB appliances.
That said sim dropcfg should be available, which is not quite the same thing, but gives you a way to drop specific traffic more efficiently.
Thank you, Dameon. If I get it right, this command kind of injects drop templates into the SecureXL tables, so the end result is more or less the same.
From my 730:
[Expert@seven-eleven]# sim dropcfg
Usage: sim dropcfg <options>
Options:
-l - show current configuration
-f <file> - set configuration file
-r - reset drop rules
-y - avoid confirmation
-h - this help message
-e - enforce on the external interface only
Configuration file:
The file should contain drop rules. One rule per line.
Each rule line must contain one or more of the following parameters:
src <source ip>/<subnet> - Source subnet/ip. Subnet is optional.
dst <destination ip>/<subnet> - Dest subnet/ip. Subnet is optional.
dport <destination port> - Dest port.
proto <ip protocol> - IP Protocol (eg. TCP=6,UDP=17,ICMP=1).
Examples:
src 1.1.1.1
dport 80 proto 6
src 1.1.1.0/24 dst 2.2.0.0/16 dport 53 proto 17
Notes:
* If subnet is not specified, a single ip is assumed
* Use '*' to specify 'any'. It's the same as not specifying the param
* You can add comment lines by using '#' at the beginning of the line
* Empty lines are ignored
[Expert@seven-eleven]# sim dropcfg -l
Drop DB is not configured
And SecureXL penalty box mechanism:
[Expert@seven-eleven]# sim erdos
Usage: sim erdos <options>
-h - this help message
-x <0/1> - enforce only on external interfaces
-v <0/1> - enforce on VPN traffic
-m <0/1> - monitor only
Penalty box:
-e <0/1> - enable/disable
-t <seconds> - time a host is penalized
-d <violations> - rate of allowed violations per address
-l <0/1> - log when a host is put in the penalty box
-k <0/1> - log dropped packets
Misc:
-z - zap the statistics
-f <0/1> - enable/disable drop all fragments
-o <0/1> - enable/disable drop all IP options
Thanks for the info, Günther. I have found two related SKs: sk67861 and sk74520.
The latter one was especially nice. I tried to run this command that is mentioned in it:
cat /proc/ppk/erdos
And guess what... the appliance instantly rebooted.
There was this entry in /var/log/messages:
2018 Dec 4 11:41:06 RD6281 user.notice root: [!] Panic detected at , log archived to logs folder
What a surprise, I haven't seen that before in similar cases. So I checked the /logs folder and there was panic-1543916466.zip there. Inside there are two files, dmesg-ramoops-0 and dmesg-ramoops-1, both with the same relevant entries:
<1>Unable to handle kernel paging request at virtual address 20202024
<1>pgd = ec3bd580
<1>[20202024] *pgd=53dc9003, *pmd=00000000
<0>Internal error: Oops: 206 [#1] SMP ARM
SMB is sometimes such fun to explore....
The SecureXL Penalty Box mechanism isn't supported on SMB, as listed here:
I wonder why drop templates would require more memory. I mean, what is significantly different compared to processing accept templates...
We should accept that it is not supported, as I wrote here:
I would also not mess around with NAT Templates... I had autonomous reboots after enabling the kernel parameter.
Frankly speaking, there is no need to support such features on SMB because as we all know it can stand any [D]DoS thrown at it.
But... why do I have the feeling someone tried to implement it after all, did not succeed and just left it there?! Or just tried to see what would run stock from Gaia and what would not... Hmm, it reminds me of the cpview utility that suddenly disappeared as unsupported in early builds.
Anyway, I think that for a device that is apparently assigned the task of defending you in all possible ways, support for dropping connections is very, very important. After all, how much of the external traffic coming in is 'red'?
This is a small business appliance with a comparatively low price tag that gives you a fair level of security. To replace SPLAT Embedded from the Safe@Office, CP has built GAiA Embedded and the WebGUI, trying to have a subset of GAiA / CP SW functionality available on SMB devices. During the firmware history, you were able to encounter leftovers from crond (now implemented), boot menu diagnostics, cpview, among others, showing decisions in the development process.
I am currently testing my own GeoIP protection based on sim dropcfg. So far, it works nice. No noticeable increase in memory or CPU consumption. I am blocking two regions that I won't mention here; only that the database has 7950 IPs at the moment.
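As an added example (not code from the thread or from Check Point), here is a small generator and validator for a `sim dropcfg` rule file of the kind used for the GeoIP blocking described in the last post. The grammar is taken from the `sim dropcfg -h` output quoted earlier in the thread (one rule per line; `src`/`dst` with an optional /prefix; `dport`; `proto`; `*` means any; `#` starts a comment; empty lines are ignored). It is meant to run on an admin workstation, with the resulting file copied to the appliance. The region names and IP ranges are constructed placeholders (RFC 5737 test networks), not a real GeoIP feed, and the `/storage` path in the printed apply commands is an assumption. The validator also refuses a rule whose every parameter is `*`, since such a rule would match, and drop, all traffic; that check is mine, not something the help text states.

```python
"""Generate and validate a rule file for `sim dropcfg` (added example, not from the thread).

Grammar per the `sim dropcfg -h` text quoted above: one rule per line, parameters
src/dst (IPv4 host or subnet), dport, proto; '*' means any; '#' starts a comment;
empty lines are ignored. Run on an admin host, then copy the file to the appliance.
"""
import ipaddress

# Constructed sample standing in for a GeoIP export (RFC 5737 test nets, not real regions).
SAMPLE_REGION_RANGES = {
    "region-A": ["198.51.100.0/24", "203.0.113.0/25"],
    "region-B": ["192.0.2.0/24", "192.0.2.77"],
}

VALID_PARAMS = ("src", "dst", "dport", "proto")


def _parse_ipv4(value, key, line):
    # Accepts "a.b.c.d" (single host, per the help text) or "a.b.c.d/len".
    # Rejects host bits set inside a prefix (e.g. 1.1.1.1/24): the help text does
    # not say how sim would interpret it, so fail loudly instead of guessing.
    try:
        ipaddress.IPv4Network(value, strict=True)
    except ValueError:
        raise ValueError(f"{key} {value!r} is not a valid IPv4 host/subnet in {line!r}") from None
    return value


def _parse_int(value, key, low, high, line):
    # Plain ASCII decimal only: int() would also accept "8_0" or non-ASCII digits.
    if not (value.isascii() and value.isdigit()):
        raise ValueError(f"{key} {value!r} is not a decimal integer in {line!r}")
    n = int(value)
    if not low <= n <= high:
        raise ValueError(f"{key} {n} outside {low}..{high} in {line!r}")
    return n


def parse_rule(line):
    """Parse one rule line into a dict. '*' parameters are dropped (same as omitting them)."""
    tokens = line.split()
    if not tokens or len(tokens) % 2:
        raise ValueError(f"expected '<param> <value>' pairs in {line!r}")
    rule, seen = {}, set()
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key not in VALID_PARAMS:
            raise ValueError(f"unknown parameter {key!r} in {line!r}")
        if key in seen:
            raise ValueError(f"duplicate parameter {key!r} in {line!r}")
        seen.add(key)
        if value == "*":
            continue  # 'any' is the same as not specifying the parameter
        if key in ("src", "dst"):
            rule[key] = _parse_ipv4(value, key, line)
        elif key == "dport":
            rule[key] = _parse_int(value, key, 1, 65535, line)
        else:  # proto: IP protocol number (TCP=6, UDP=17, ICMP=1)
            rule[key] = _parse_int(value, key, 0, 255, line)
    if not rule:
        # Every parameter was '*' (or absent): this rule would drop all traffic.
        raise ValueError(f"rule matches all traffic, refusing: {line!r}")
    return rule


def parse_file(text):
    """Validate a whole rule file the way the appliance reads it; returns the parsed rules."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and empty lines are ignored
        try:
            rules.append(parse_rule(line))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return rules


def build_dropcfg(region_ranges):
    """Return rule-file text: one `src <net>` drop rule per range, grouped under a comment per region."""
    lines = ["# drop rules generated from region IP ranges; one 'src' rule per range"]
    for region, nets in region_ranges.items():
        lines.append(f"# {region}: {len(nets)} ranges")
        for net in nets:
            ipaddress.IPv4Network(net)  # fail early on a malformed feed entry
            lines.append(f"src {net}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import sys
    body = build_dropcfg(SAMPLE_REGION_RANGES)
    parsed = parse_file(body)  # round-trip: what we wrote is what the appliance will parse
    out = sys.argv[1] if len(sys.argv) > 1 else "geo-drop.txt"
    with open(out, "w") as fh:
        fh.write(body)
    print(f"wrote {len(parsed)} rules to {out}")
    # Flags below come from `sim dropcfg -h`; the /storage path is an assumption.
    print(f"# scp {out} admin@<appliance>:/storage/geo-drop.txt")
    print("# sim dropcfg -f /storage/geo-drop.txt -e -y   # -e: external interface only, -y: no prompt")
    print("# sim dropcfg -l                                # show the loaded drop DB")
```

Loading with `-e` keeps the rules off internal interfaces, which is normally what you want for a GeoIP block list; `sim dropcfg -r` resets the drop DB if a bad file gets loaded.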
